CVE-2016-1183
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
19/06/2016
Last modified:
12/04/2025
Description
NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname.
Impact
Base Score 3.x
3.70
Severity 3.x
LOW
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.5.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.5.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.5.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.6.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://jvn.jp/en/jp/JVN74659077/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2016-000098
- http://www.fujitsu.com/jp/products/software/resources/condition/security/vulnerabilities/2016/index.html#CVE-2016-1183
- http://jvn.jp/en/jp/JVN74659077/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2016-000098
- http://www.fujitsu.com/jp/products/software/resources/condition/security/vulnerabilities/2016/index.html#CVE-2016-1183